<?php
/**
 * Security system in Concerto. In development.
 *
 * @package Concerto
 * @subpackage System
 * @author Jason Raede <jason@torchdm.com>
 */
namespace application\system;
use application\utilities\Utility;
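class Gandalf {

	/**
	 * Checks the submitted form token against the session token (CSRF protection).
	 *
	 * Reads `$_SESSION['concerto_token']` and `$_REQUEST['concerto_token']`. A request
	 * with no session token, no submitted token, a non-string submitted token, or a
	 * mismatch is reported through `$concerto->Loader->loadError()`. Whether
	 * loadError() halts the request is not visible in this file, so callers should
	 * not assume execution stops after a failed check.
	 *
	 * @return void
	 */
	public static function authenticateSender() {
		global $concerto;
		// Missing or non-string values default to '' so an absent token never compares
		// equal to anything. The previous loose `!=` treated a missing session token and a
		// missing request token (both null) as equal, which skipped the check entirely.
		$currentToken = isset($_SESSION['concerto_token']) && is_string($_SESSION['concerto_token'])
			? $_SESSION['concerto_token']
			: '';
		$requestToken = isset($_REQUEST['concerto_token']) && is_string($_REQUEST['concerto_token'])
			? $_REQUEST['concerto_token']
			: '';
		// An empty session token means no token was ever issued for this session, so the
		// request cannot be authenticated; hash_equals() is a strict, constant-time compare.
		if ($currentToken === '' || !hash_equals($currentToken, $requestToken)) {
			$concerto->Loader->loadError('Form cannot be authenticated. Please try again');
		}
	}
	
	/**
	 * Generates a fresh session token for CSRF protection and stores it in
	 * `$_SESSION['concerto_token']`.
	 *
	 * random_bytes() is the CSPRNG exposed by the runtime; 20 random bytes are
	 * hex-encoded into a 40-character token that is safe to embed in an attribute.
	 *
	 * @return void
	 */
	public static function generateToken() {
		$_SESSION['concerto_token'] = bin2hex(random_bytes(20));
	}
	
	/**
	 * Prints the hidden token input for a form.
	 *
	 * If no token has been issued for the session yet, one is generated first so the
	 * rendered form can actually pass authenticateSender(). The value is escaped for
	 * the HTML attribute context before being emitted.
	 *
	 * @return void
	 */
	public static function tokenField() {
		if (!isset($_SESSION['concerto_token'])
			|| !is_string($_SESSION['concerto_token'])
			|| $_SESSION['concerto_token'] === '') {
			self::generateToken();
		}
		$value = htmlspecialchars($_SESSION['concerto_token'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
		?><input type="hidden" id="concerto-token" name="concerto_token" value="<?=$value?>"/><?php
	}
}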

?>